Today the Information Commissioner's Office (ICO) issued its first fines since it was handed additional powers, with two organisations paying out a total of 160,000.
For some, the wait was been too long. Others believed it had been a good day for information commissioner Christopher Graham, as he showed the ICO had real teeth.
So where did the story of the ICO fines begin and how did we get to where we are now? We take a look at the brief history of the data protection watchdog and it's penalty powers.
January 2010
A new year called for change and the ICO started off by announcing proposals for additional powers. The body said it wanted to be able to hand out 500,000 penalties for the most serious breaches of the Data Protection Act.
April 2010
These powers were granted and came into force on 6 April.
The ICO explained the most serious fines would occur in cases where the data controller responsible "seriously contravened the data protection principles and the contravention was of a kind likely to cause substantial damage or substantial distress."
June 2010
Lampeter Medical Practice was found in breach of the Data Protection Act when an unencrypted USB stick containing 8,000 patient details went missing but no fine was handed out.
June 2010
The ICO rapped two NHS bodies, which had experienced serious data breaches.
At the time the ICO said one in four of all Data Protection Act breaches in the UK were committed by the NHS, yet no Trust had been told to pay out.
-
Should AI PCs be part of your next hardware refresh?AI PCs are fast becoming a business staple and a surefire way to future-proof your business
-
Westcon-Comstor and Vectra AI launch brace of new channel initiativesNews Westcon-Comstor and Vectra AI have announced the launch of two new channel growth initiatives focused on the managed security service provider (MSSP) space and AWS Marketplace.
-
AI recruitment tools are still a privacy nightmare – here's how the ICO plans to crack down on misuseNews The ICO has issued guidance for recruiters and AI developers after finding that many are mishandling data
-
“You must do better”: Information Commissioner John Edwards calls on firms to beef up support for data breach victimsNews Companies need to treat victims with swift, practical action, according to the ICO
-
LinkedIn backtracks on AI training rules after user backlashNews UK-based LinkedIn users will now get the same protections as those elsewhere in Europe
-
UK's data protection watchdog deepens cooperation with National Crime AgencyNews The two bodies want to improve the support given to organizations experiencing cyber attacks and ransomware recovery
-
ICO slams Electoral Commission over security failuresNews The Electoral Commission has been reprimanded for poor security practices, including a failure to install security updates and weak password policies
-
Disgruntled ex-employees are using ‘weaponized’ data subject access requests to pester firmsNews Some disgruntled staff are using DSARs as a means to pressure former employers into a financial settlement
-
ICO reprimands Coventry school over repeated data protection failuresNews The ICO said the academy trust failed to follow previous guidance, which caused a serious data breach
-
ICO dishes out fine to HelloFresh for marketing spam campaignNews HelloFresh failed to offer proper opt-outs, the ICO said, and customers weren’t warned their data would be used for months after they cancelled
